
@guaychou
Forked from combatpoodle/ks.cfg
Created September 19, 2018 02:41
RHEL7 kickstart
# Base settings install
# Zero everything out...
# NOTE(review): zerombr plus clearpart --all --initlabel wipes the partition
# table of every disk the installer can see. Boot this kickstart only on
# machines or VMs that are meant to be erased.
zerombr
clearpart --all --initlabel
# Generic boot settings...
cdrom
lang en_US.UTF-8
keyboard 'us'
# Root password - from dd if=/dev/random bs=1k count=1 | md5sum | python -c "import crypt, getpass, sys, pwd; print crypt.crypt(sys.stdin.read(), '\$6\$saltgoeshere\$')"
# Crypting stuff is from http://unix.stackexchange.com/questions/52108/how-to-create-sha512-password-hashes-on-command-line - mileage may vary.
# The recipe above is reference only: the hash field below is '*' and --lock is
# set, so root is installed locked with no usable password. If a real hash is
# ever substituted, generate a random salt per image instead of the literal
# 'saltgoeshere' placeholder.
rootpw --iscrypted * --lock
# Network setup
# eth0 is brought up at boot via DHCP with IPv6 disabled. The eth0 name relies
# on the net.ifnames=0 biosdevname=0 kernel arguments set on the bootloader
# line further down.
network --onboot yes --device eth0 --bootproto dhcp --noipv6 --hostname=localhost.localdomain
timezone --utc UTC
# Base settings
# NOTE(review): --trust eth0 lets all traffic on eth0 through the firewall, and
# eth0 is the only interface configured in this file, so --enabled and --ssh do
# not restrict anything arriving on it. Drop --trust for any image that leaves
# an isolated build network.
firewall --enabled --trust eth0 --ssh
# Shadow passwords with SHA-512 password hashes.
authconfig --enableshadow --passalgo=sha512
# NOTE(review): permissive mode logs SELinux denials without enforcing them.
# Switch to enforcing before an image built from this file is used for more
# than testing.
selinux --permissive
# Repeats the timezone line above; redundant but harmless.
timezone --utc UTC
# Do not configure X11 on the installed system. (The text-mode install itself
# is requested with "text" on the boot command line of the Packer template.)
skipx
# Disk layout as defined by the part/volgroup/logvol lines below.
# --size values are minimums in MiB; --grow lets a partition take free space.
# sda: /boot (200, grows)
# sdb: pv.0 (56000, grows) -> vg.0
#        /                         20000
#        /var                       4000
#        /opt                       8000
#        /home                      4000
#        /opt/ncprogs/backspools   20000
# sdc: pv.1 (20000, grows) -> vg.1
#        /var/log                  20000
# sdd: pv.2 (20000, grows) -> vg.2
#        /tmp                      10000
#        /var/spool                10000
# sde: pv.3 (500, grows) -> vg.3
#        /var/lib/elasticsearch    60% of vg.3
#        /var/lib/influxdb         40% of vg.3
# swap: 1000, grows; no --ondrive is given, so the installer picks the disk.
part /boot --size=200 --grow --asprimary --ondrive=sda
part swap --size=1000 --grow --asprimary
part pv.0 --size=56000 --grow --asprimary --ondrive=sdb
part pv.1 --size=20000 --grow --asprimary --ondrive=sdc
part pv.2 --size=20000 --grow --asprimary --ondrive=sdd
part pv.3 --size=500 --grow --asprimary --ondrive=sde
volgroup vg.0 pv.0
volgroup vg.2 pv.2
volgroup vg.1 pv.1
volgroup vg.3 pv.3
logvol / --name=root --size=20000 --vgname vg.0
logvol /var --name=var --size=4000 --vgname vg.0
logvol /opt --name=opt --size=8000 --vgname vg.0
logvol /home --name=home --size=4000 --vgname vg.0
logvol /opt/ncprogs/backspools --name=backspools --size=20000 --vgname vg.0
logvol /tmp --name=tmp --size=10000 --vgname vg.2
logvol /var/spool --name=spool --size=10000 --vgname vg.2
logvol /var/log --name=varlog --size=20000 --vgname vg.1
logvol /var/lib/elasticsearch --name=elasticsearch --percent=60 --vgname vg.3
logvol /var/lib/influxdb --name=influxdb --percent=40 --vgname vg.3
# Install bootloader
# net.ifnames=0 biosdevname=0 keep the classic ethN interface names that the
# network and firewall lines above refer to.
bootloader --location=mbr --append="norhgb net.ifnames=0 biosdevname=0"
# Disable wonky stuff
firstboot --disabled
# Enable network and SSH
services --enabled network,sshd
# Reboot after setup
reboot
# Stuff in updates repos so we don't waste time there later...
# NOTE(review): these repos are fetched over plain HTTP from a hard-coded
# internal address, so what gets installed is only as trustworthy as the
# network path to that host. Prefer HTTPS or keep the build on an isolated
# network, and adjust the address for your own mirror.
repo --name=rhel-7-server --baseurl=http://10.1.158.119:8080/repos/rhel-7-server
repo --name=rhel-7-server-optional --baseurl=http://10.1.158.119:8080/repos/rhel-7-server-optional
repo --name=rhel-7-server-extras --baseurl=http://10.1.158.119:8080/repos/rhel-7-server-extras
# Install stuff
%packages --excludedocs --nobase
# Core group - we use all of it currently; this makes it a little easier to strip stuff out
@core
-ecryptfs-utils
rsyslog
# Tools you just need
# NOTE(review): gcc, make and kernel-devel here, plus gdb, strace and rpm-build
# further down, are build and debug tooling. They are needed while guest
# additions are compiled, but on an image headed for production consider
# removing them in a cleanup step to reduce attack surface. The same goes for
# the telnet client if nothing depends on it.
bzip2
curl
gcc
kernel-devel
kernel-headers
make
net-tools
nfs-utils
openssh-clients
patch
perl
sudo
wget
vim
nano
telnet
# Unnecessary firmware (pulled from https://github.com/chef/bento/blob/master/http/centos-7.1)
# A leading '-' excludes the package from the install set.
-aic94xx-firmware
-atmel-firmware
-b43-openfwwf
-bfa-firmware
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl100-firmware
-iwl105-firmware
-iwl135-firmware
-iwl1000-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-usb8388-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
-fprintd-pam
-intltool
# Make sure Virtualbox Guest Extensions can build
# (kernel-devel, kernel-headers, perl and gcc repeat entries from the list
# above; the repeats are harmless.)
kernel-devel
kernel-headers
zlib-devel
openssl-devel
readline-devel
sqlite-devel
perl
gcc
ruby
# Stuff for Puppet
libselinux-ruby
libX11
libXau
libXdmcp
tk
augeas-libs
# Base packages
gcc
gdb
git
iotop
postfix
python
python-libs
python-setuptools
rpm-build
screen
strace
# VMware tools (part 1 - part 2 comes from http://partnerweb.vmware.com/GOSIG/RHEL_7.html#Tools in virtualbox.sh)
open-vm-tools
%end
%post
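# Remove GUI/X11 packages that end up installed despite the %packages section.
# The original note here said the request to skip bluez-utils, dogtail and
# systemtap is ignored; none of those appears in this file's %packages list,
# so that note looks stale.
# NOTE(review): yum erase also removes dependents. Confirm this does not take
# out tk or other packages that %packages requests for Puppet.
yum -y erase gtk2 hicolor-icon-theme avahi freetype bitstream-vera-fonts gnome gnome-python2 libXt libXfixes libXxf86misc libXres libXft libXrender libXmu libXi libXcursor libXTrap libXxf86vm libXfontcache libXevie libXpm xorg-x11-server-Xvfb libXfont libXext libXrandr libXinerama libXtst libXaw gnome-mime-data

# Add Vagrant user and group. 501/20 matches the default user on OS X (in case
# you're thinking of using NFS in that context)
/usr/sbin/groupadd -g 501 vagrant
/usr/sbin/useradd -u 501 -g 501 -m vagrant

# SECURITY: "vagrant" is a publicly known default password, and the Packer
# template on this page logs in with it (ssh_username/ssh_password) during the
# build. Together with the NOPASSWD sudo rule below it is equivalent to root,
# so rotate or lock this account before the image leaves the build network.
echo "vagrant" | passwd --stdin vagrant

# Passwordless sudo for the vagrant group. The drop-in is written in one go
# (truncating, not appending, so a re-run cannot duplicate lines) and set to
# 0440, the mode recommended for files under /etc/sudoers.d.
cat > /etc/sudoers.d/vagrant <<'SUDOERS_END'
Defaults:vagrant !requiretty
%vagrant ALL=(ALL) NOPASSWD: ALL
SUDOERS_END
chmod 0440 /etc/sudoers.d/vagrant

# SECURITY: this is the Vagrant "insecure" public key; its private half is
# published, so anyone who can reach sshd can log in as vagrant. Replace it
# with a per-image key before the image is used outside a local sandbox.
# -p keeps a re-run from failing if the directory already exists; the quoted
# heredoc delimiter stops the shell from expanding anything inside the key.
mkdir -p /home/vagrant/.ssh
cat <<'THE_END' > /home/vagrant/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
THE_END
chown -R vagrant:vagrant /home/vagrant/.ssh
chmod 700 /home/vagrant/.ssh
chmod 600 /home/vagrant/.ssh/authorized_keys
# NOTE(review): this labels the directory user_home_t by hand; confirm it
# matches what the loaded policy expects for ~/.ssh (restorecon would apply
# the policy default) before switching SELinux to enforcing.
chcon -R unconfined_u:object_r:user_home_t:s0 /home/vagrant/.ssh

# Disable 'consistent network device naming' and make things act more or less
# reasonable in a VM-oriented context.
echo > /etc/udev/rules.d/70-persistent-net.rules
echo > /etc/udev/rules.d/75-persistent-net-generator.rules
# Drop host-specific identifiers from ifcfg-eth0 so a cloned VM does not carry
# the build machine's UUID, MAC or DHCP hostname, and take eth0 out of
# NetworkManager's control. One sed pass replaces the four separate ones.
sed -i \
  -e '/UUID=/d' \
  -e '/HWADDR=/d' \
  -e '/DHCP_HOSTNAME=/d' \
  -e 's/NM_CONTROLLED=.*/NM_CONTROLLED="no"/' \
  /etc/sysconfig/network-scripts/ifcfg-eth0

# Disable rhnsd so we don't get automatic updates - needs discussion with The
# Operators. This is aimed at immutable stuff. YMMV.
# NOTE(review): with rhnsd off, images built from this file need another
# patching path (rebuild or an explicit update step).
service rhnsd stop || echo "ignore"
chkconfig rhnsd off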
%end
{
"variables": {
"ip_address": "IP_ADDRESS",
"netmask": "255.255.255.0",
"gateway": "IP_ADDRESS",
"nameserver1": "IP_ADDRESS",
"nameserver2": "IP_ADDRESS",
"headless": "true",
"remote_type_info": "If you're building directly on ESX, set remote_type to 'esx'. Otherwise, leave it blank.",
"remote_type": "",
"exsi_info_1": "You only need to fill in the esxi_* variables if you're building on ESX. Otherwise, packer will build locally.",
"esxi_username": "",
"esxi_password": "",
"esxi_host": "",
"esxi_datastore": "",
"yum_caching_proxy_url": "",
"password": "vagrant",
"redhat_repo_base_url": "http://IP_ADDRESS/yum",
"iso_root": "http://IP_ADDRESS/yum/iso",
"role": "base",
"hiera": "hiera/null.yaml",
"post_command": " || [[ \"$?\" == \"2\" || \"$?\" == \"0\" ]] || (echo \"sleeping 90000 seconds due to failure; ctrl-Z to pause indefinitely\"; sleep 90000; exit 1)",
"memory": "4096",
"final_memory": "8192",
"cpu_count": "2",
"disk_boot": "4000",
"disk_common": "57000",
"disk_log": "21000",
"disk_tmp": "21000",
"disk_search": "100000",
"build_ip_info_1": "See https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/chap-anaconda-boot-options.html#tabl-boot-options-network-formats",
"build_ip_info_2": "Use 'dhcp' to set DHCP",
"build_ip_info_3": "Static configuration comes in the format ip=ip::gateway:netmask:hostname:interface:none",
"build_ip_info_4": "where the 'none' is the literal string 'none', indicating the configuration method",
"build_ip": "dhcp",
"post_info_1": "All of the post variables below set the final state of the machine up so that it's just a single-button action to turn on and attach.",
"post_info_2": "When the box is booted, the settings below will take effect - so be careful to isolate your nets if you're swapping out VMs or anything like that.",
"post_hostname": "",
"post_domain": "",
"post_dns_1": "",
"post_dns_2": "",
"post_dns_3": "",
"post_ip_address_1": "",
"post_ip_address_2": "",
"post_netmask_1": "",
"post_netmask_2": "",
"post_gateway": ""
},
"builders": [
{
"name": "rhel7-vmware-base",
"type": "vmware-iso",
"vmdk_name": "disk",
"headless": "{{ user `headless` }}",
"remote_type": "{{ user `remote_type` }}",
"remote_username": "{{ user `esxi_username` }}",
"remote_password": "{{ user `esxi_password` }}",
"remote_host": "{{user `esxi_host` }}",
"remote_datastore": "{{ user `esxi_datastore` }}",
"remote_cache_directory": "/packer",
"vmx_data": {
"config.version": "8",
"ctkEnabled": "true",
"ethernet0.displayName": "Ethernet",
"ethernet0.virtualDev": "e1000",
"mem.hotadd": "true",
"memSize": "8192",
"numvcpus": "2",
"sched.cpu.shares": "normal",
"sched.mem.shares": "normal",
"softPowerOff": "false",
"svga.present": "true",
"svga.vramSize": "8388608",
"tools.upgrade.policy": "manual",
"virtualHW.version": "8"
},
"vmx_data_post": {
"numvcpus": "{{ user `cpu_count` }}",
"ethernet0.connectionType": "bridged",
"ethernet0.virtualdev": "vmxnet3",
"ethernet1.virtualdev": "vmxnet3",
"memsize": "{{ user `final_memory` }}",
"ide1:0.present": "false",
"tools.synctime": "false",
"toolscripts.afterpoweron": "true",
"toolscripts.afterresume": "true",
"toolscripts.beforesuspend": "true",
"toolscripts.beforepoweroff": "true",
"remotedisplay.vnc.enabled": "FALSE"
},
"guest_os_type": "rhel6-64",
"tools_upload_flavor": "linux",
"tools_upload_path": "/home/vagrant/linux.iso",
"disk_size": "{{ user `disk_boot` }}",
"disk_type_id": "0",
"disk_additional_size": [
"{{ user `disk_common` }}",
"{{ user `disk_log` }}",
"{{ user `disk_tmp` }}",
"{{ user `disk_search` }}"
],
"vmx_template_path": "templates/vmx/vmx-template-linux.vmx",
"vmx_disk_template_path": "templates/vmx/vmx-disk-template-linux.vmx",
"iso_url": "{{ user `iso_root` }}/rhel-server-7.1-x86_64-dvd.iso",
"iso_checksum": "2f44295b1b40b98d2ef694cc111dbb34f46151f38f60bd1db951d142a9d417b414e80b5981ca53e8f32e198ec264120b2b626ea86e2a5793a682d536ce78b1e0",
"iso_checksum_type": "sha512",
"http_directory": "kickstarts/rhel-7.1",
"output_directory": "rhel7-vmware-base",
"boot_command": "<up><tab> text net.ifnames=0 inst.ks=http://IP_ADDRESS/ks.cfg ip={{ user `build_ip` }}<enter><wait><enter><wait>",
"boot_wait": "5s",
"shutdown_command": "echo 'vagrant' | sudo -S /sbin/shutdown -h now",
"ssh_username": "vagrant",
"ssh_password": "vagrant",
"ssh_wait_timeout": "1000s",
"vm_name": "rhel7-vmware-base"
},
{
"name": "rhel7-virtualbox-base",
"type": "virtualbox-iso",
"headless": "{{ user `headless` }}",
"guest_os_type": "RedHat_64",
"guest_additions_mode": "upload",
"guest_additions_path": "VBoxGuestAdditions.iso",
"virtualbox_version_file": ".vbox_version",
"disk_size": "{{ user `disk_boot` }}",
"hard_drive_interface": "sata",
"vboxmanage": [
[
"modifyvm",
"{{.Name}}",
"--cpus",
"{{ user `cpu_count` }}"
],
[
"modifyvm",
"{{.Name}}",
"--memory",
"{{ user `final_memory` }}"
],
[
"createhd",
"--format",
"VDI",
"--filename",
"disk2.vdi",
"--size",
"{{ user `disk_common` }}"
],
[
"storageattach",
"{{.Name}}",
"--storagectl",
"SATA Controller",
"--port",
"1",
"--type",
"hdd",
"--medium",
"disk2.vdi"
],
[
"createhd",
"--format",
"VDI",
"--filename",
"disk3.vdi",
"--size",
"{{ user `disk_log` }}"
],
[
"storageattach",
"{{.Name}}",
"--storagectl",
"SATA Controller",
"--port",
"2",
"--type",
"hdd",
"--medium",
"disk3.vdi"
],
[
"createhd",
"--format",
"VDI",
"--filename",
"disk4.vdi",
"--size",
"{{ user `disk_tmp` }}"
],
[
"storageattach",
"{{.Name}}",
"--storagectl",
"SATA Controller",
"--port",
"3",
"--type",
"hdd",
"--medium",
"disk4.vdi"
],
[
"createhd",
"--format",
"VDI",
"--filename",
"disk5.vdi",
"--size",
"{{ user `disk_search` }}"
],
[
"storageattach",
"{{.Name}}",
"--storagectl",
"SATA Controller",
"--port",
"4",
"--type",
"hdd",
"--medium",
"disk5.vdi"
]
],
"iso_url": "{{ user `iso_root` }}/rhel-server-7.1-x86_64-dvd.iso",
"iso_checksum": "2f44295b1b40b98d2ef694cc111dbb34f46151f38f60bd1db951d142a9d417b414e80b5981ca53e8f32e198ec264120b2b626ea86e2a5793a682d536ce78b1e0",
"iso_checksum_type": "sha512",
"http_directory": "kickstarts/rhel-7.1",
"output_directory": "rhel7-virtualbox-base",
"boot_command": "<up><tab> text net.ifnames=0 inst.ks=http://IP_ADDRESS/ks.cfg ip={{ user `build_ip` }}<enter><wait><enter><wait>",
"boot_wait": "5s",
"shutdown_command": "echo 'vagrant' | sudo -S /sbin/shutdown -h now",
"ssh_username": "vagrant",
"ssh_password": "vagrant",
"ssh_wait_timeout": "1000s",
"vm_name": "rhel7-virtualbox-base"
}
],
"provisioners": [
{
"type": "shell",
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}' {{ user `post_command` }}",
"environment_vars": [
"REDHAT_REPO_BASE_URL={{ user `redhat_repo_base_url` }}",
"YUM_CACHING_PROXY_URL={{ user `yum_caching_proxy_url` }}",
"POST_DOMAIN={{ user `post_domain` }}",
"POST_HOSTNAME={{ user `post_hostname` }}",
"POST_IP_ADDRESS_1={{ user `post_ip_address_1` }}",
"POST_IP_ADDRESS_2={{ user `post_ip_address_2` }}",
"POST_NETMASK_1={{ user `post_netmask_1` }}",
"POST_NETMASK_2={{ user `post_netmask_2` }}",
"POST_DNS1={{ user `post_dns1` }}",
"POST_DNS2={{ user `post_dns2` }}",
"POST_DNS3={{ user `post_dns3` }}",
"POST_GATEWAY={{ user `post_gateway` }}",
"PASSWORD={{ user `password` }}"
],
"scripts": [
"scripts/linux/bare.sh",
"scripts/linux/virtualbox.sh",
"scripts/linux/facter.sh",
"scripts/linux/sanity_check.sh"
]
},
{
"type": "file",
"source": "provisioners/puppeteer/puppet",
"destination": "/tmp/puppet"
},
{
"type": "shell",
"inline": "sudo cp -a /tmp/puppet/* /etc/puppet/; rm -rf /tmp/puppet"
},
{
"type": "puppet-masterless",
"execute_command": "{{.FacterVars}}{{if .Sudo}} sudo -E {{end}}puppet apply --verbose --debug --parser future --modulepath='/etc/puppet/modules' --hiera_config='/etc/puppet/{{ user `hiera` }}' --manifestdir='/etc/puppet/manifests' --detailed-exitcodes /etc/puppet/manifests/site.pp {{ user `post_command` }}",
"facter": {
"server_tags": "role:{{ user `role` }}=true",
"redhat_repo_base_url": "{{ user `redhat_repo_base_url` }}"
},
"hiera_config_path": "provisioners/puppeteer/puppet/{{ user `hiera` }}",
"manifest_file": "provisioners/puppeteer/puppet/manifests/site.pp",
"module_paths": [
"provisioners/puppeteer/puppet/modules/"
],
"staging_directory": "/tmp/packer-puppet-masterless/puppet"
},
{
"type": "shell",
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}' {{ user `post_command` }}",
"environment_vars": [
"REDHAT_REPO_BASE_URL={{ user `redhat_repo_base_url` }}",
"YUM_CACHING_PROXY_URL={{ user `yum_caching_proxy_url` }}",
"POST_DOMAIN={{ user `post_domain` }}",
"POST_HOSTNAME={{ user `post_hostname` }}",
"POST_IP_ADDRESS_1={{ user `post_ip_address_1` }}",
"POST_IP_ADDRESS_2={{ user `post_ip_address_2` }}",
"POST_NETMASK_1={{ user `post_netmask_1` }}",
"POST_NETMASK_2={{ user `post_netmask_2` }}",
"POST_DNS1={{ user `post_dns1` }}",
"POST_DNS2={{ user `post_dns2` }}",
"POST_DNS3={{ user `post_dns3` }}",
"POST_GATEWAY={{ user `post_gateway` }}",
"PASSWORD={{ user `password` }}"
],
"scripts": [
"scripts/linux/sensus-harden.sh",
"scripts/linux/ipaddress.sh",
"scripts/linux/password.sh",
"scripts/linux/cleanup.sh"
]
},
{
"type": "shell",
"inline": [
"echo Sleeping 90 so you can interrupt - run pkill -f sleep to continue.",
"sleep 90 || true"
]
}
],
"post-processors": []
}